Google has decided not to fix vulnerabilities in WebView for Android 4.3 and older, sparking heated discussions among developers. Those versions of WebView run on the WebKit browser. Fixing them “required changes to significant portions of the code and was no longer practical to do so safely,” explained Adrian Ludwig, lead engineer for Android security. Ludwig recommended steps users and developers can take to mitigate the potential exploitation of WebView vulnerabilities without updating to Lollipop, or Android 5.0.
From: Linux Insider